January 7, 2015 at 8:08 pm #2261 cchebert Participant
I’m trying to use OpenAM with a J2EE Agent running on JBoss. My application is just a simple war with a single HTML file (hello world).
Without the login-config section in my web.xml file, I simply hit a 403 error when I access my application, with no redirection to OpenAM.
So I figured that I need a login-config section in the web.xml file to specify the realm, even if I did put it in my jboss-web.xml (“<security-domain>java:/jaas/AMRealm</security-domain>”).
Why do I need a login-config section in my web.xml? My problem is that the redirection to my login page happens before the agent filter redirects me to OpenAM. In the “goto” parameter I see the URL of my login page, which doesn’t really exist since I want to use the OpenAM login page (for now).
By the way, I would prefer to let OpenAM do the authentication part but to keep the authorization part on the JBoss side (using the SSO_ONLY mode for the agent).
Any help would be much appreciated!

January 14, 2015 at 3:08 am #2401 Peter Major Moderator
Not sure why jboss-web.xml changes are necessary, can’t really tell for sure – theoretically setting login-config>realm-name should be just as sufficient in my opinion. In any case, what you should do is:
1) configure the agent, so that it protects your application in J2EE_POLICY (this is when no OpenAM policies are enforced, but the agent will still deal with authentication for you)
2) once you’ve set up your form-login-config, make sure the corresponding login and error pages are configured in the agent profile as well (under the Applications tab); that should allow the agent to recognize those URLs and handle them appropriately.
3) make sure that the agent filter is defined in your web.xml and it is the first filter, otherwise other filters may provide unprotected output from the application.
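
A check for steps 2 and 3 of the reply above, as an added example that is not part of the original thread or the agent's own tooling: it parses a web.xml, confirms the agent filter is declared and mapped first, and lists the form login pages that need registering in the agent profile. The sample descriptor, its page paths and the Audit filter are constructed; the filter class name is the one the OpenAM J2EE agent documents and is assumed to match this install.

```python
import xml.etree.ElementTree as ET

# Filter class documented for the OpenAM J2EE agent (assumed unchanged in this install).
AGENT_CLASS = "com.sun.identity.agents.filter.AmAgentFilter"

# Constructed sample descriptor; page paths and the Audit filter are hypothetical.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <filter><filter-name>Agent</filter-name>
    <filter-class>com.sun.identity.agents.filter.AmAgentFilter</filter-class></filter>
  <filter><filter-name>Audit</filter-name>
    <filter-class>example.AuditFilter</filter-class></filter>
  <filter-mapping><filter-name>Agent</filter-name><url-pattern>/*</url-pattern></filter-mapping>
  <filter-mapping><filter-name>Audit</filter-name><url-pattern>/*</url-pattern></filter-mapping>
  <login-config><auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login.html</form-login-page>
      <form-error-page>/error.html</form-error-page>
    </form-login-config></login-config>
</web-app>"""


def _text(parent, tag):
    """Stripped text of a direct child element, or '' when it is absent."""
    return (parent.findtext(tag) or "").strip()


def check_web_xml(xml_text):
    """Return (findings, form_pages) for a web.xml document."""
    root = ET.fromstring(xml_text)
    for el in root.iter():                 # drop namespaces so lookups stay simple
        el.tag = el.tag.rsplit("}", 1)[-1]
    # Names under which the agent filter class is declared.
    agents = {_text(f, "filter-name") for f in root.iter("filter")
              if _text(f, "filter-class") == AGENT_CLASS}
    findings = []
    if not agents:
        findings.append("agent filter is not declared")
    else:
        # Chain order follows the order of filter-mapping elements in the descriptor.
        mappings = list(root.iter("filter-mapping"))
        if not mappings or _text(mappings[0], "filter-name") not in agents:
            findings.append("agent filter-mapping is not the first filter-mapping")
    # Pages the reply says must also be listed in the agent profile.
    form = root.find("login-config/form-login-config")
    pages = [] if form is None else [_text(form, "form-login-page"),
                                     _text(form, "form-error-page")]
    return findings, [p for p in pages if p]
```
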